feat(#351): agent-routing sync hook + pre-commit/pre-push drift guards (Wave 1 PR 2)

[atlas-apex]

Summary

• apply-agent-routing.sh SessionStart hook — reads agent-routing.yaml (resolved via portfolio_agent_routing from feat(#351): agent-routing.yaml schema + portfolio_agent_routing resolver (Wave 1 PR 1) #353) and rewrites the affected .claude/agents/*.md model: frontmatter in-place on every session start. Orphan entries (routing keys that don't match a shipped agent) are silently skipped — adopter typos don't break the session. Idempotent: re-runs against the same config produce no diff. Per AgDR-0050 § Axis 4.
• block-agent-routing-drift.sh pre-commit + pre-push drift guards — fires when .claude/agents/*.md is staged AND the model: frontmatter no longer matches the framework default. Exits 2 with the offending agent name + the drift direction. Two PreToolUse entries (Bash(git commit *) AND Bash(git push *)) so the guard catches both surfaces; the push entry exists because a git push can carry a forced commit that bypassed the commit-time gate. Escape hatch: # routing-config:override <reason> comment on the staged diff for the rare framework-PR case where the framework-default itself is the point of the change.
• Framework-defaults snapshot lives at .claude/agents/.framework-defaults.json (per-agent model: baseline from AgDR-0050 § Axis 2); the SessionStart hook reads it to know what to restore, the drift guard reads it to know what counts as drift. Snapshot ships with the framework; adopters never edit it.
• docs/multi-project.md "Centralised agent routing" section flipped from "Wave 1 PR 1 (this PR) — inert until PR 2 lands" to live-tense "How the overrides get applied" — names both the SessionStart sync and the two drift guards.

Testing

• Smoke test: bash .claude/hooks/tests/test_agent_routing.sh — 7/7 PASS

  1. Empty config → no-op (no agent files rewritten)
  2. qa-engineer: model: opus override → frontmatter flips from haiku to opus
  3. Orphan entry (nonexistent-agent: model: opus) → silently skipped, no error
  4. Idempotent re-run against an already-applied config → zero diff
  5. Drift guard FIRES on staged drift without escape hatch → exit 2
  6. Drift guard ACCEPTS staged drift WITH # routing-config:override escape hatch → exit 0 + stderr warning
  7. Drift guard ACCEPTS clean-default commit (no routing-frontmatter changes) → exit 0

• Manual override smoke (reviewer-friendly):

  cat > agent-routing.yaml <<YAML
  agents:
    qa-engineer:
      model: opus
  YAML
  bash .claude/hooks/apply-agent-routing.sh
  grep '^model:' .claude/agents/qa-engineer.md   # → model: opus
  
  git checkout .claude/agents/qa-engineer.md     # restore default
  # The drift guard then accepts the next commit because no routing-frontmatter is staged.

Glossary

Term	Definition
agent-routing.yaml	Adopter-authored YAML at <private_repo>/agent-routing.yaml (split-portfolio) or <fork>/agent-routing.yaml (single-fork, gitignored) that overrides per-agent model: / endpoint: / env: / timeout_seconds: framework defaults. Schema + resolver shipped in #353.
Framework defaults snapshot	.claude/agents/.framework-defaults.json — JSON file mapping every shipped agent name to its baseline model:. Source of truth for both the SessionStart sync's restore-from-default step AND the drift guard's "what counts as drift" check. Committed to the framework; adopters never edit.
Drift	Any state where a staged .claude/agents/*.md frontmatter model: value differs from the framework-defaults snapshot. Indicates either a legitimate framework PR (escape hatch required) OR an adopter routing override that accidentally got committed (the failure mode this guard prevents).
# routing-config:override <reason> escape hatch	A literal comment on the staged diff that opts the commit out of the drift gate. Used when a framework PR is intentionally changing a framework default (rare). Visible + auditable per AgDR-0040's escape-hatch convention pattern.
Orphan entry	A routing-config key that doesn't match any shipped .claude/agents/<name>.md — typo, stale entry, or pre-Wave-3 reference. v1 behaviour: silently skip (adopter typos shouldn't break the session).

Refs #351
Refs #347 (Wave 1 PR 1 = #355)

[atlas-apex]

Code Review: PR #357

Commit: 850b0fa0d3414b4d028c5a0740c43831203aaefc

Summary

Wave 1 PR 2 of #351 — finishes the agent-routing flow started by #353. Ships the apply-agent-routing.sh SessionStart hook that reads agent-routing.yaml (resolved via portfolio_agent_routing) and rewrites .claude/agents/*.md frontmatter in-place, paired with block-agent-routing-drift.sh pre-commit + pre-push guards that refuse to let those rewrites escape to a remote. Includes a snapshot mechanism at .claude/agents/.framework-defaults.json so the drift guard has a baseline, plus a # routing-config:override <reason> escape hatch for legitimate framework-default changes. 7-case smoke test, settings.json wiring, docs flip to live-tense.

Checklist Results

• Architecture & Design: Pass
• Code Quality: Pass
• Testing: Pass (with one note — see Suggestions)
• Security: Pass
• Performance: Pass
• PR Description & Glossary: Pass
• Technical Decisions (AgDR):Pass (AgDR-0050 § Axis 4 cited correctly + consistently across both hooks + docs/multi-project.md)
• Adopter Handbooks: N/A (no handbooks dir on this fork)

Verified locally

• 7/7 smoke-test cases PASS on the head commit
• Token-efficiency Wave 1 invariants still pass with the new SessionStart hook added (153 chars worst-case banner total)
• Byte-equal idempotency confirmed on the actual artefacts: SHA of qa-engineer.md AND .framework-defaults.json are identical across two consecutive sync-hook runs
• Multi-agent snapshot is valid JSON that round-trips through json.load() cleanly
• Push-gate justification verified: with the commit-gate bypassed via --no-verify-equivalent flow, the push-gate independently catches the drift on push. Confirmed exit 2 + correct error message. This is the load-bearing reason for the dual-guard placement and matches the AgDR-0050 § Axis 4 spec ("pre-commit ... pre-push sweeps the same surface").
• Malformed YAML handling (missing agents: key, non-dict agent value, typo'd field name) all silently no-op — robust + consistent with v1 silent-on-error posture

Verdict on the focus questions

1. Dual-guard placement — JUSTIFIED. The push-gate is not redundant. Verified empirically: a drift commit made with the commit-gate bypassed (git -c core.hooksPath=/dev/null commit ...) gets caught by the push-gate when the operator next tries to push. The two surfaces have different bypass profiles — --no-verify skips the commit gate; only the push-gate sees the staged-to-be-pushed range. Both entries belong.

2. Silent-skip-on-orphan — CORRECT v1 posture. Matches AgDR-0050's "Adopter forgets to re-session" + "silent on no-change" pattern. A warning would also be defensible (typos are common, silent skip can mask a stale entry the adopter does not realise stopped applying), but silence is the AgDR-specified posture and the consistent precedent in link-custom-skills.sh + similar SessionStart hooks. v2 could add a --diagnose flag if adopter feedback warrants it; not a v1 blocker.

3. Snapshot location — DEFENSIBLE at .claude/agents/.framework-defaults.json. The dotfile convention matches its "session-generated, gitignored, never edited by hand" role; co-located with the .claude/agents/*.md files it describes (good locality). Moving to templates/ would imply framework-shipped, which contradicts its actually-generated-by-hook nature. _framework-defaults.json would be more visible to ls but also more likely to be confused for an editable file. Keep as-is.

4. Idempotency claim — CONFIRMED EMPIRICALLY. SHA of both the agent file and the snapshot JSON are byte-equal across two consecutive runs. Not "close to zero diff" — actually zero.

5. AgDR linkage — Correct. AgDR-0050 § Axis 4 cited 5x across the two hooks + docs/multi-project.md, all consistent with the AgDR's "SessionStart hook + pre-commit + pre-push guards" wording.

6. Glossary completeness — 5 PR-specific terms covered well. SessionStart / PreToolUse / frontmatter are framework-pervasive vocabulary an apexyard reader already knows; not glossary-required.

Issues Found

None blocking.

Suggestions (non-blocking)

1. allowed_tools_override comment vs implementation drift — apply-agent-routing.sh:115 says the parser emits one row per agent for key ∈ {model, endpoint, env, timeout_seconds, allowed_tools_override}, but the actual parse_routing() only emits rows for model/endpoint/env/timeout_seconds. docs/multi-project.md:549 lists allowed_tools_override as a supported schema field. Result: an adopter who sets allowed_tools_override: ... in their routing YAML gets a silent no-op — the field is documented as supported but is not actually applied. Either drop the field from the comment + docs (deferring to a later wave) or add the parser branch. Not a blocker because allowed_tools_override is documented as "advanced — use sparingly" and the field is genuinely supportable in a follow-up; flag it so adopters do not get surprised.

2. Test gaps relative to documented surface area —

   • endpoint: standalone: only exercised through the idempotency case (case 4), which mixes endpoint + env in one test. An "endpoint-only override writes the env file with exactly one ANTHROPIC_BASE_URL= line" case would isolate the endpoint behaviour.
   • timeout_seconds: not tested at all — value is parsed + written to APEXYARD_AGENT_TIMEOUT=, but no case asserts that.
   • allowed_tools_override: not tested (consistent with suggestion 1 — if it is deferred, that is fine; if it is supposed to be live, it needs a test).
   • Push-gate drift case not in the test suite — case 5 covers the commit-gate firing, case 6 covers the escape hatch, case 7 covers no-drift; there is no case for "commit-gate bypassed, push-gate catches the drift on push". I verified this manually and it works, but the regression-protection case is missing. The PR body's "Two PreToolUse entries (Bash(git commit *) AND Bash(git push *))" claim should have a test that fails if the push-gate entry is removed.
   • Two-overrides-same-agent merge — what happens if qa-engineer has both model: and endpoint: set? The hook handles it (independent code paths per key) but no test confirms.

3. PR description "Snapshot ships with the framework" vs reality — the PR body says "Snapshot ships with the framework; adopters never edit it." The .gitignore entry says "Adopter-local; the sync hook regenerates it each session, so committing would be churn." These contradict. The implementation does the gitignored / adopter-local thing — so the PR body wording is misleading. Suggest: "Snapshot is adopter-local, gitignored, regenerated by the SessionStart hook from git show dev:.claude/agents/<name>.md on each run."

4. Test-file path typo in PR body — body references bash .claude/hooks/tests/test_agent_routing.sh but actual file is test_agent_routing_sync_and_drift.sh. Cosmetic.

5. Implementation vs AgDR scope — AgDR-0050 § Axis 4 says the push-gate "sweeps the same surface before any push to a public-class remote". The implementation fires on any push, regardless of remote class. The stricter behaviour is arguably better (private remotes can become public; mirrors exist), but it is a deviation worth noting if a future adopter ever asks "why is my drift blocked when I am pushing to my private fork?". Not a code change — either tighten the hook to inspect the push target (git rev-parse --abbrev-ref @{push} -> remote name -> public-class lookup), or update the AgDR consequence to say "any push" (probably simpler).

6. Banner stream — the sync hook writes to stderr (echo "..." >&2), consistent with the existing SessionStart pattern in check-upstream-drift.sh and others. Good.

Handbook Findings

None — no handbooks present on this fork.

Verdict

APPROVED

The two hooks implement AgDR-0050 § Axis 4 cleanly. Dual-guard placement is justified by the verified bypass-via-no-verify scenario. Idempotency is byte-equal across runs. The smoke test covers the load-bearing 7 cases; the gaps above are suggestions for a follow-up test PR, not blockers. The allowed_tools_override comment/docs/implementation drift is the most substantive non-blocking note — adopters will silently lose that field today. Ship + file a follow-up.

---

Reviewed by Rex (Code Reviewer Agent)
Reviewed commit: 850b0fa0d3414b4d028c5a0740c43831203aaefc

[atlas-apex]

Code Review: PR #357 (re-review after 71be4b8)

Commit: 71be4b844c3d1d9ebd98aeb2e36eac8d00cc6a8f

Summary

Re-review focused on the counts-only follow-up commit (850b0fa..71be4b8). The delta is 6 files, all under site/, bumping 29 → 31 in marketing copy to reflect the two new hooks added by this PR (apply-agent-routing.sh + block-agent-routing-drift.sh). No logic change.

Checklist Results

• Architecture & Design: N/A (marketing copy only)
• Code Quality: Pass
• Testing: Pass (smoke test runs, but see Issues)
• Security: Pass
• Performance: Pass
• PR Description & Glossary: Pass (inherited from prior verdict)
• Technical Decisions (AgDR): Pass (inherited — no new decisions in this delta)
• Adopter Handbooks: N/A

Verification of the three asks

1. Hook count at HEAD = 31. Verified by ls .claude/hooks/*.sh | grep -v _lib | grep -v tests/ | wc -l. The two new hooks (apply-agent-routing.sh, block-agent-routing-drift.sh) are present alongside the prior 29. 29 + 2 = 31 ✓

2. The 6-file diff is exactly site-copy. Confirmed via the GitHub compare API. Files touched: site/architecture.html, site/architecture.md.gen, site/index.html, site/index.md.gen, site/llms.txt, site/llms-full.txt. No drive-by edits ✓

3. No stale 29 hooks / 29 shell scripts / 29 shell gates / 29 mechanical gates — but TWO stale 29 shell hooks slipped through. See below.

Issues Found

⛔ Two stale 29 shell hooks references remain at HEAD — files outside the 6-file bump.

File:line	Content
site/llms.txt:39	- **29 shell hooks** mechanically enforce SDLC rules — ticket-first, migration …
site/skill.md:35	29 shell hooks enforce SDLC rules mechanically — ticket-first, migration

The follow-up commit DID touch site/llms.txt (line 4: 53 skills, 31 hooks, 19 role definitions) but missed line 39 of the same file, which uses the shell hooks phrasing. site/skill.md was not touched at all by this commit and is not in the PR's diff — but it carries the same stale claim, and the explicit purpose of this PR is to ensure no marketing copy claims the old count.

Why the local smoke test passed despite the drift: .claude/hooks/tests/test_site_counts.sh has a noun-pattern coverage gap. It scans for [0-9]+ +hooks, [0-9]+ +shell +scripts?, [0-9]+ +shell +gates?, [0-9]+ +mechanical +gates? — but not [0-9]+ +shell +hooks. The regex [0-9]+ +hooks cannot match 29 shell hooks because shell sits between 29 and hooks. Confirmed by running the test at HEAD (it reports PASS) and then running the regex by hand (matches 29 shell hooks only when the pattern is widened to allow shell between).

This is two findings rolled into one:

• PR-blocking: the two stale references on the live site contradict the PR's stated purpose. Bump both to 31 in this PR before merge.
• Test gap (not blocking this PR, but should land in a follow-up): extend the smoke test to cover [0-9]+ +shell +hooks? so a future hook-count drift on this phrasing is caught by CI rather than by re-review.

Handbook Findings

No handbook violations.

Suggestions

• After fixing the two stale references, consider a one-line grep guard in the test: grep -rnE '\b[0-9]+ +shell +hooks?\b' site/ should return zero hits when counts match (run alongside the existing per-file noun-pattern scan). One-liner; closes the coverage gap without restructuring the test.

Verdict

CHANGES REQUESTED

Two stale 29 shell hooks claims survived the counts refresh — site/llms.txt:39 and site/skill.md:35. The smoke test missed both because its noun-pattern list doesn't cover the shell hooks phrasing. Bump both to 31 (and ideally widen the smoke test) before merge.

---

🤖 Reviewed by Rex (Code Reviewer Agent)
📌 Reviewed commit: 71be4b844c3d1d9ebd98aeb2e36eac8d00cc6a8f

[atlas-apex]

Code Review: PR #357 (re-review at follow-up HEAD)

Commit: ed8c83efd3ce07e4bb32bea5f4f14d7938693911

Summary

Follow-up commit ed8c83e resolves the CHANGES REQUESTED verdict on the prior HEAD 71be4b8. The fix closes the test-coverage gap and the three stale layer-claim lines.

Checklist Results

• Architecture & Design: Pass
• Code Quality: Pass
• Testing: Pass — bash .claude/hooks/tests/test_site_counts.sh returns PASS at HEAD ed8c83e
• Security: Pass (N/A)
• Performance: Pass (N/A)
• PR Description & Glossary: Pass
• Technical Decisions: Pass — no new decisions; the regex addition is mechanical
• Adopter Handbooks: N/A

Verification of the four concerns raised

1. shell +hooks? regex addition (test_site_counts.sh:122) — correct and well-placed. Sits in the noun-pattern list alongside shell +scripts?, shell +gates?, mechanical +gates?. Verified with the test: "31 shell hooks" flagged, "31 shell hook" (singular) flagged. False-positive risk for "shell hooked into the system" exists in theory (the ? quantifier means the regex matches the hook prefix), but the new pattern is no worse than the existing siblings (shell +scripts? would also flag "shell scripted"). Adding \b word boundaries across all four noun patterns would be a consistency improvement — appropriate for a separate follow-up, not in scope for this PR. No-go on blocking this for the theoretical false-positive.

2. Three multi-line layer-claim refreshes (site/llms-full.txt:131-133) — all three match actuals verified at HEAD:

   • 53 slash commands — matches ls -d .claude/skills/*/ | wc -l = 53
   • 12 sub-agents — matches ls .claude/agents/*.md | wc -l = 12 (5 utility: Rex, Hatim, Munir, Tariq, Idris + 7 engineering: Khalid, Hisham, Karim, Yasmin, Salim, Adel, Saif). Aligns with the AgDR-0050 § Axis 2 matrix referenced in CLAUDE.md.
   • 31 mechanical enforcement scripts — matches ls .claude/hooks/*.sh | grep -v _lib- | wc -l = 31

3. Cross-line regex gap acknowledgement — agree it's out of scope for this PR. The current single-line-anchored regex is the right shape for the most common drift pattern (N noun on one line); cross-line scanning would need a different architecture (multi-line context buffer, sentence boundary detection) and likely belongs in its own AgDR + follow-up PR. The commit message correctly documents the gap so the next operator hitting it has a starting point.

4. Carry-over from prior 5 non-blocking suggestions — checked the PR diff; the allowed_tools_override advertised-but-not-parsed gap and the PR body's test_agent_routing.sh vs test_agent_routing_sync_and_drift.sh filename mismatch are still present, but those are pre-existing carry-overs from the agent-routing scope (PRs #355/#357), not test-coverage issues. Recommend filing as separate cleanup tickets rather than expanding this PR's scope — the follow-up commit is surgically scoped to the test gaps I called out, which is the right shape.

Issues Found

None.

Handbook Findings

None.

Suggestions (non-blocking, future work)

1. Word-boundary the existing noun patterns — shell +(scripts?|gates?|hooks?) etc. all have a latent prefix-match false-positive for "shell scripted", "shell gated", "shell hooked". Add \b (or (?![a-z])) after the noun in a separate consistency PR.
2. Cross-line claim drift — the three lines refreshed in llms-full.txt:131-133 were only caught by manual audit. A future enhancement could either (a) introduce a multi-line scanner with a sliding window, or (b) emit a YAML manifest of every claim at build time and diff it against a generated authoritative file. Sufficient for now to track as backlog.
3. allowed_tools_override parser — the schema advertises this field in the example YAML but the SessionStart hook doesn't currently parse it (verified via inspection of apply-agent-routing.sh — the field is documented but the loop reads only model:, endpoint:, env:, timeout_seconds:). File a follow-up cleanup ticket.
4. PR body test filename — the testing section references test_agent_routing.sh but the actual file in the diff is test_agent_routing_sync_and_drift.sh. Cosmetic; resolve when the PR description is next edited.

Verdict

APPROVED

The follow-up commit closes the two coverage gaps I flagged on the prior review:

• Regex pattern list now covers all four shell-hook noun variants (scripts?, gates?, mechanical gates?, shell hooks?)
• All stale layer claims (single-line via regex, multi-line via manual audit) refreshed to actuals at this HEAD

The cross-line scanner limitation is correctly acknowledged as out-of-scope; the non-blocking suggestions in this review can move to separate tickets.

---

Reviewed by Rex (Code Reviewer Agent)
Reviewed commit: ed8c83efd3ce07e4bb32bea5f4f14d7938693911